commit: f54ffc75e5aac69d195787d1cebb939136f28b28 Author: Mike Pagano <mpagano <AT> gentoo <DOT> org> AuthorDate: Fri Jul 19 22:35:08 2024 +0000 Commit: Mike Pagano <mpagano <AT> gentoo <DOT> org> CommitDate: Fri Jul 19 22:35:08 2024 +0000 URL: https://gitweb.gentoo.org/proj/linux-patches.git/commit/?id=f54ffc75
ext4: use memtostr_pad() for s_volume_name Bug: https://bugs.gentoo.org/936269 Signed-off-by: Mike Pagano <mpagano <AT> gentoo.org> 0000_README | 4 ++++ 1900_ext4-memtostr_pad-fix.patch | 51 ++++++++++++++++++++++++++++++++++++++++ 2 files changed, 55 insertions(+)
diff --git a/0000_README b/0000_README
index e017d0cb..f46d7e17 100644
--- a/0000_README
+++ b/0000_README
@@ -55,6 +55,10 @@ Patch: 1730_parisc-Disable-prctl.patch
 From: https://git.kernel.org/pub/scm/linux/kernel/git/deller/parisc-linux.git
 Desc: prctl: Temporarily disable prctl(PR_SET_MDWE) on parisc
 
+Patch: 1900_ext4-memtostr_pad-fix.patch
+From: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
+Desc: ext4: use memtostr_pad() for s_volume_name
+
 Patch: 2000_BT-Check-key-sizes-only-if-Secure-Simple-Pairing-enabled.patch
 From: https://lore.kernel.org/linux-bluetooth/20190522070540.48895-1-mar...@holtmann.org/raw
 Desc: Bluetooth: Check key sizes only when Secure Simple Pairing is enabled. See bug #686758
diff --git a/1900_ext4-memtostr_pad-fix.patch b/1900_ext4-memtostr_pad-fix.patch
new file mode 100644
index 00000000..1c32fc0c
--- /dev/null
+++ b/1900_ext4-memtostr_pad-fix.patch
@@ -0,0 +1,51 @@
+From be27cd64461c45a6088a91a04eba5cd44e1767ef Mon Sep 17 00:00:00 2001
+From: Kees Cook <keesc...@chromium.org>
+Date: Thu, 23 May 2024 15:54:12 -0700
+Subject: ext4: use memtostr_pad() for s_volume_name
+
+As with the other strings in struct ext4_super_block, s_volume_name is
+not NUL terminated. The other strings were marked in commit 072ebb3bffe6
+("ext4: add nonstring annotations to ext4.h"). Using strscpy() isn't
+the right replacement for strncpy(); it should use memtostr_pad()
+instead.
+
+Reported-by: syzbot+50835f73143cc2905...@syzkaller.appspotmail.com
+Closes: https://lore.kernel.org/all/00000000000019f4c00619192...@google.com/
+Fixes: 744a56389f73 ("ext4: replace deprecated strncpy with alternatives")
+Signed-off-by: Kees Cook <keesc...@chromium.org>
+Link: https://patch.msgid.link/20240523225408.work.904-k...@kernel.org
+Signed-off-by: Theodore Ts'o <ty...@mit.edu>
+---
+ fs/ext4/ext4.h | 2 +-
+ fs/ext4/ioctl.c | 2 +-
+ 2 files changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/fs/ext4/ext4.h b/fs/ext4/ext4.h
+index 983dad8c07ecd1..efed7f09876de9 100644
+--- a/fs/ext4/ext4.h
++++ b/fs/ext4/ext4.h
+@@ -1347,7 +1347,7 @@ struct ext4_super_block {
+ /*60*/ __le32 s_feature_incompat; /* incompatible feature set */
+ __le32 s_feature_ro_compat; /* readonly-compatible feature set */
+ /*68*/ __u8 s_uuid[16]; /* 128-bit uuid for volume */
+-/*78*/ char s_volume_name[EXT4_LABEL_MAX]; /* volume name */
++/*78*/ char s_volume_name[EXT4_LABEL_MAX] __nonstring; /* volume name */
+ /*88*/ char s_last_mounted[64] __nonstring; /* directory where last mounted */
+ /*C8*/ __le32 s_algorithm_usage_bitmap; /* For compression */
+ /*
+diff --git a/fs/ext4/ioctl.c b/fs/ext4/ioctl.c
+index dab7acd4970923..e8bf5972dd47bf 100644
+--- a/fs/ext4/ioctl.c
++++ b/fs/ext4/ioctl.c
+@@ -1151,7 +1151,7 @@ static int ext4_ioctl_getlabel(struct ext4_sb_info *sbi, char __user *user_label
+ BUILD_BUG_ON(EXT4_LABEL_MAX >= FSLABEL_MAX);
+
+ lock_buffer(sbi->s_sbh);
+- strscpy_pad(label, sbi->s_es->s_volume_name);
++ memtostr_pad(label, sbi->s_es->s_volume_name);
+ unlock_buffer(sbi->s_sbh);
+
+ if (copy_to_user(user_label, label, sizeof(label)))
+--
+cgit 1.2.3-korg
+
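Review bot: The `memtostr_pad(label, sbi->s_es->s_volume_name);` line in the embedded fs/ext4/ioctl.c hunk carries no comment saying why a NUL-terminated string copy is wrong for this field. The Fixes tag shows that an earlier strncpy() cleanup already made exactly that mistake. I would add above the call `/* s_volume_name is a fixed-width on-disk field with no NUL terminator; the copy must stop at the end of the field */`. The declaration of `label` is outside the hunk, so it is worth confirming that it is at least EXT4_LABEL_MAX + 1 bytes; otherwise, as far as I can tell from the helper's contract, a full-width label would lose its last character to the terminator. ext4_ioctl_getlabel's body starts and ends outside the hunk.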